Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a82c5281 by Thorsten Alteholz at 2021-02-19T23:01:15+01:00
add note for CVE-2018-17206 in branch-2.6 of openvswitch

- - - - -
b09e8ff8 by Thorsten Alteholz at 2021-02-19T23:01:16+01:00
add note for CVE-2018-17204 in branch-2.6 of openvswitch

- - - - -
875f7684 by Thorsten Alteholz at 2021-02-19T23:01:17+01:00
uploading new point release in Stretch fixes some CVEs

- - - - -
25c770d7 by Thorsten Alteholz at 2021-02-19T23:02:58+01:00
Reserve DLA-2571-1 for openvswitch

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -28062,7 +28062,6 @@ CVE-2020-27827 [lldp: avoid memory leak from bad 
packets]
        [buster] - lldpd <no-dsa> (Minor issue)
        [stretch] - lldpd <no-dsa> (Minor issue)
        - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
-       [stretch] - openvswitch <no-dsa> (Minor issue)
        NOTE: https://github.com/openvswitch/ovs/pull/337
        NOTE: 
https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
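
Review bot: Removing `[stretch] - openvswitch <no-dsa> (Minor issue)` leaves the CVE-2020-27827 entry with only the unstable fixed version (2.15.0~git20210104.def6eb1ea+dfsg1-4) for openvswitch, so stretch has no recorded status in this file. The stretch fix is recorded only in data/DLA/list (2.6.10-0+deb9u1 under DLA-2571-1); either add a matching `[stretch] - openvswitch 2.6.10-0+deb9u1` line here or confirm that the DLA cross-reference is propagated into this entry. The same applies to the other four removals of this line in this file.
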
@@ -160285,11 +160284,11 @@ CVE-2018-17207 (An issue was discovered in Snap 
Creek Duplicator before 1.2.42.
        NOT-FOR-US: Snap Creek Duplicator
 CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6. The ...)
        - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
-       [stretch] - openvswitch <no-dsa> (Minor issue)
        [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; 
no such function)
        NOTE: 
https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226
 (master)
        NOTE: 
https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8
 (branch-2.8)
        NOTE: 
https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8
 (branch-2.7)
+       NOTE: 
https://github.com/openvswitch/ovs/commit/ee47d61ba1c97cf67a68f0191dec1f93bfafc0a0
 (branch-2.6)
 CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, aff ...)
        - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
        [stretch] - openvswitch <not-affected> (Vulnerable code introduced 
later)
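
Review bot: The added branch-2.6 NOTE points at a backport for a release series that the CVE-2018-17206 description ("2.7.x through 2.7.6") does not cover, and nothing in the entry states that 2.6.x is affected. A short NOTE saying that the 2.6 series shipped in stretch contains the vulnerable code would explain why the branch-2.6 commit is listed while jessie is `<not-affected>`. The same point applies to the branch-2.6 NOTE added to CVE-2018-17204 in the next hunk.
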
@@ -160299,11 +160298,11 @@ CVE-2018-17205 (An issue was discovered in Open 
vSwitch (OvS) 2.7.x through 2.7.
        NOTE: 
https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6
 (branch-2.7)
 CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 
2.7.6, aff ...)
        - openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
-       [stretch] - openvswitch <no-dsa> (Minor issue)
        [jessie] - openvswitch <not-affected> (Vulnerable code does not exist; 
no such function)
        NOTE: 
https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa
 (master)
        NOTE: 
https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168
 (branch-2.8)
        NOTE: 
https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde
 (branch-2.7)
+       NOTE: 
https://github.com/openvswitch/ovs/commit/fbe37f3ccc819a044a500fb5da13d3e53596c2a7
 (branch-2.6)
        NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
 CVE-2018-17203
        REJECTED
@@ -232834,7 +232833,6 @@ CVE-2017-9215
 CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an 
OFPT_QUEUE_GET_CONFIG_RE ...)
        [experimental] - openvswitch 2.8.1+dfsg1-1
        - openvswitch 2.8.1+dfsg1-2 (bug #863228)
-       [stretch] - openvswitch <no-dsa> (Minor issue)
        [jessie] - openvswitch <not-affected> (Vulnerable code not present)
        [wheezy] - openvswitch <not-affected> (Vulnerable code not present)
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
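
Review bot: CVE-2017-9214 loses its stretch `<no-dsa>` line but, unlike CVE-2018-17204 and CVE-2018-17206, gains no NOTE pointing at a branch-2.6 fix; the only reference visible in this hunk is the ovs-dev post from May 2017. If the fix shipped in 2.6.10-0+deb9u1 comes from a branch-2.6 commit, add a NOTE with that commit URL so all three entries are documented the same way.
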
@@ -292977,7 +292975,6 @@ CVE-2015-8011 (Buffer overflow in the lldp_decode 
function in daemon/protocols/l
        [wheezy] - lldpd <not-affected> (Vulnerable code not present)
        [squeeze] - lldpd <not-affected> (Vulnerable code not present)
        - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-1
-       [stretch] - openvswitch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lldpd/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
        NOTE: https://www.openwall.com/lists/oss-security/2015/10/16/2
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000268.html


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[19 Feb 2021] DLA-2571-1 openvswitch - security update
+       {CVE-2015-8011 CVE-2017-9214 CVE-2018-17204 CVE-2018-17206 
CVE-2020-27827 CVE-2020-35498}
+       [stretch] - openvswitch 2.6.10-0+deb9u1
 [20 Feb 2021] DLA-2570-1 screen - security update
        {CVE-2021-26937}
        [stretch] - screen 4.5.0-6+deb9u1
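
Review bot: DLA-2571-1 lists CVE-2020-35498, but no hunk in data/CVE/list touches that entry, while the other five CVEs in the set each have their stretch `<no-dsa>` line removed. Check that the CVE-2020-35498 entry carries no leftover stretch status that contradicts the fix in 2.6.10-0+deb9u1. Also, the new entry is dated 19 Feb 2021 and sits above DLA-2570-1 dated 20 Feb 2021, so the dates run backwards relative to the DLA numbers; worth confirming which date is intended.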


=====================================
data/dla-needed.txt
=====================================
@@ -77,8 +77,6 @@ openldap (Uktarsh)
   NOTE: 20210215: update ready at 
https://salsa.debian.org/openldap-team/openldap/-/commits/stretch.
   NOTE: 20210215: waiting to see if anything else comes up. (utkarsh)
 --
-openvswitch (Thorsten Alteholz)
---
 php-pear
 --
 python-pysaml2 (Abhijith PA)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a4dd28903f5e9a1a697ad08621e093c1123b9519...25c770d7498025393afeabe607f45770074be37b
